sherlock-audit / 2023-12-flatmoney-judging


0xLogos - Close position trader fee can be bypassing #267

Closed sherlock-admin closed 5 months ago

sherlock-admin commented 5 months ago

0xLogos

medium

Close position trader fee can be bypassing

Summary

A user can pay a lower fee for closing a position by using a limit order.

Vulnerability Detail

The limit order close fee is calculated using the current position size when the order is announced in announceLimitOrder:

uint256 tradeFee = ILeverageModule(vault.moduleAddress(FlatcoinModuleKeys._LEVERAGE_MODULE_KEY)).getTradeFee(
    vault.getPosition(tokenId).additionalSize
);

When executing in the _closePosition function, the previously calculated fee is used:

order.orderData = abi.encode(
    FlatcoinStructs.AnnouncedLeverageClose({
        tokenId: tokenId,
        minFillPrice: minFillPrice,
        tradeFee: _limitOrder.tradeFee
    })
);

But at the moment of execution, the position size can be greater (or smaller) because of an adjustment, hence an incorrect fee is applied.

A user can open a position with a minimal amount, announce a limit order, and adjust the position to the desired size. When the limit order is executed, he will pay a minimal fee for an arbitrarily large position close.

Impact

Loss of revenue for LP

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/LimitOrder.sol#L62-L64

Tool used

Manual Review

Recommendation

Calculate the trader fee when executing the limit order in the _closePosition function.

Duplicate of #212
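The fee snapshot described in the report above, next to the recommended execution-time calculation, as an added example that is not part of the original report and is not the Flat Money code. The contract name, the `closeWith...` functions, the `FEE_RATE` value and the fee formula are assumptions made for illustration; only `announceLimitOrder`, `getTradeFee`, `additionalSize` and `tradeFee` are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Simplified model with hypothetical names; not the audited contracts.
contract LimitCloseFeeModel {
    uint256 public constant FEE_RATE = 0.001e18; // assumed 0.1% fee, 1e18 = 100%

    struct LimitOrder { bool active; uint256 tradeFee; }

    mapping(uint256 => uint256) public additionalSize; // tokenId => position size
    mapping(uint256 => LimitOrder) public limitOrders; // tokenId => announced close

    // Assumed fee formula: a fixed proportion of the position size.
    function getTradeFee(uint256 size) public pure returns (uint256) {
        return (size * FEE_RATE) / 1e18;
    }

    function open(uint256 tokenId, uint256 size) external {
        additionalSize[tokenId] = size;
    }

    // The fee is snapshotted from the size at announcement time.
    function announceLimitOrder(uint256 tokenId) external {
        limitOrders[tokenId] = LimitOrder(true, getTradeFee(additionalSize[tokenId]));
    }

    // The size changes after the announcement; the stored fee is not refreshed.
    function adjust(uint256 tokenId, uint256 newSize) external {
        additionalSize[tokenId] = newSize;
    }

    // Behaviour described in the report: charges the snapshotted fee.
    function closeWithStoredFee(uint256 tokenId) external returns (uint256 feeCharged) {
        require(limitOrders[tokenId].active, "no order");
        feeCharged = limitOrders[tokenId].tradeFee;
        _clear(tokenId);
    }

    // Recommended behaviour: derive the fee from the size at execution time.
    function closeWithExecutionFee(uint256 tokenId) external returns (uint256 feeCharged) {
        require(limitOrders[tokenId].active, "no order");
        feeCharged = getTradeFee(additionalSize[tokenId]);
        _clear(tokenId);
    }

    function _clear(uint256 tokenId) private {
        delete limitOrders[tokenId];
        delete additionalSize[tokenId];
    }
}
```

With a size of 1e18 at announcement and 1000e18 after `adjust`, `closeWithStoredFee` returns 1e15 while `closeWithExecutionFee` returns 1e18. A regression test for the fix can assert that the fee charged at close equals `getTradeFee` of the size held at execution.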

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: high(11)

sherlock-admin commented 4 months ago

The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/274.